Hi,
I recently added some spamassassin rules that deal with these geocities spam as I gathered a list of them.
Here are my rules (used in my server & also posted in NANAE) :
Description :
PW_GEOCITIES adds a little 0.2 for any email containing a link to Geocities. Obviously, this rule will trigger some False Positives and the score is low. I added it mainly as a way to check valid mails with a geocities link within them.
PW_GEOCITIES_DASH adds 1.0 when the address contains either "_" or "-" in the user name (used to bump the score a bit when no redirector is used). Few legitimate geocities accounts use these characters, but expect a few False Positives.
PW_GEOCITIES_RD adds a massive 10 points when a geocities account with redirection / tracking is detected (no normal geocities account owner would do that. False Positive rate should be very close to Zero)
# Deal with Geocities Spam
body PW_GEOCITIES /(?i)(?i)http://(it|uk|sg|ca|www|au|in|mx|de|es).geocities(.yahoo|).com//
describe PW_GEOCITIES Contains a link to Geocities. score PW_GEOCITIES 0.2
body PW_GEOCITIES_DASH /(?i)(?i)http://(it|uk|sg|ca|www|au|in|mx|de|es).geocities(.yahoo|).com/[A-Za-z0-9%]{1,40}(_|-)[A-Z_-a-z0-9%]{1,60}/
describe PW_GEOCITIES_DASH Link to Geocities with a - or _ score PW_GEOCITIES_DASH 1.0
body PW_GEOCITIES_RD /(?i)(?i)http://(it|uk|sg|ca|www|au|in|mx|de|es).geocities(.yahoo|).com/[A-Z_-a-z0-9%]{1,60}/?[A-Z_-a-z0-9%&]{1,100}/
describe PW_GEOCITIES_RD Geocities Redirector spam. score PW_GEOCITIES_RD 10.0
My 0.02
Eric
------------------------------------------------------------------------------------
Raymond Dijkxhoorn wrote:
Hi!
Here's a recipe I've put in the SpamBouncer that catches most of the spam with Geocities links I've been seeing. Most of that spam contains, not just a Geocities URL (not always uk.geocities.com), but also a query right after the domain and first slash. If you block that pattern, you'll catch a lot of spam. So far, I've seen *no* false positives -- in the SpamBouncer spamtrap or as complaints from users of SpamBouncer 2.1 beta.
SpamBouncer is a huge set of Procmail recipes, so anyone who uses Procmail might find this handy:
We see a lot comming in with plain http://geocities.com lately, so you might want to add that also.
Bye, Raymond. _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss